It is basically a tool designed for hardening your system, but can also be used to generate a first report.
Run the below commands only if you don't use "aixpert" yet. We don't want to overwrite an existing file!

1. Create a set of rules according to the desired security level and write it to a file.
Example for high level security ("-l h"):

aixpert -l h -n -o /etc/security/aixpert/core/appliedaixpert.xml

2. Run the check

aixpert -c -p

3. Review the report /etc/security/aixpert/check_report.txt

4. Remove the rulesetf file. It does not actually contain "applied" rules, and we don't want to confuse the aixpert.

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Does AIX support samba like other *nix distrobutions? I always wonder the overall risk if you misconfigure the linux equivalent of a network "share", and whether theres opportunities for AD accounts to access an AIX share were its security lapse, like you could a share on a windows server.

So (totally new to AIX and Linux) does an out the box installation of Linux not "share" directories to external users, do you have to enable CIFS or Samba if requried? Is it common for Linux servers to not have either CIFS or Samba enabled?

Is that because due to the server role, theres nothing they need to share to users outside those with a local account to access the System?

Can you elaborate slightly on what CIFS is? What is the difference between CIFS and Samba, why would one enable CIFS and not Samba? Sorry for the basic questions just need a degree of knowledge in this area, not expert.

CIFS is just the name of the protocol (formerly: SMB), and under AIX the pure client fileset is called bos.cifs_fs.

Samba is the name of a free CIFS protocol implementation on Unix/Linux providing server and client functionality.

Under Unix/Linux Samba (CIFS) is just one way to share files (and not the one native to these OSes).

The common file sharing method is NFS (Network File System) which is part of each and every Linux/Unix distribution.

Because NFS is ubiquitous file sharing between Unix servers is mostly done using this protocol, and because Windows did not have NFS in the early years one had to port the native Windows file sharing protocol (SMB/CIFS) to Unix - that's Samba.

Ok thanks, but I am struggling to see how a windows client essentially maps to a linux share via NFS, do they have to supply a linux username/password pair? I appreciate on Linux Samba share you probably assign an ACL with domain groups, but on an NFS share, what aside from knowing the full path, does the windows user need to supply before they can access the data on the NFS share (I assume its a password and usernmae of a local linux account). Where on the NFS Share do they (the admin) define which users can access these files remotely.

However, I do think nist will have something as below (e.g. AIX 6.1 STIG ) - XCCDF is supported by SCAP scanner tool and it helps for automated checks with OVAL code. Download the xsl, xml then double click the xml to see the list of rule as form of config checklist

Featured Post

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

There's never been a better time to become a computer scientist. Employment growth in the field is expected to reach 22% overall by 2020, and if you want to get in on the action, it’s a good idea to think about at least minoring in computer science …

The Super Bowl is just days away. Millions of advertising dollars will be spent in just a few hours to drive people to websites around the globe. Optimizing your site in anticipation of a big event like this (and the traffic surges that follow) will…

Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message. In the To field, type your recipient's fax number @efaxsend.com.
You can even send a secure international fax — just include t…

In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…